Fallout from a Fallout

by Ben SiegelMay 16, 2019May 16, 2019

It is often that a data breach reveals other issues that a
business is experiencing, but it isn’t every day I see the opposite. When I
heard about what was happening at Bethesda Softworks and their online game, I
was interested immediately.

The background on this is simple enough. Bethesda is a
well-known video game maker with a number of well-known titles. Fallout 76 was
the newest title in one of their series, but unlike previous titles, was an
online game. Many were excited for this title and there special editions of
this game offered to those willing to spend extra. Upon the launch of a game
with a large amount of bugs and glitches, a number of issues took place.

First, the collector’s editions came with a few items, most
notably a canvas bag. Many were disappointed that the bag was not actually made
of canvas and instead more of a synthetic material. People began demanding
refunds. This is where the issues got worse. A site was set up to process the
refund requests, however an issue happened when providing a receipt to these
customers. Individuals were getting the information of other customers,
including names, emails, and partial credit card information. But it got worse.

It turned out that individuals were able to actually access and edit existing tickets of any person that had submitted one. That means if someone really wanted to, they could close out every ticket and “resolve” them. There were no bad actors that were found to do this, but there was no hacking or other illicit activity. This all happened because of hasty setup and lack of review by Bethesda.

The real moral here is that handling a breach, or any
incident, is just as important as preventing such a scenario. Bethesda had an
incident with the initial response and requests for refunds. It was bad, but
had it been handled well, it would have been a footnote in the otherwise poor
launch of their game. However, the mishandling of the refunds, and by extension
the inadvertent release of their customers data made it that much worse. A good
response may net little, but a poor response can make things exponentially
worse.